Your message dated Thu, 28 Feb 2013 07:56:52 +0900 with message-id <CABMQnV+Xei9KB7mvJ9p29SRuLk_Rm3a+cp7VqYL1QLuzx=b...@mail.gmail.com> and subject line Re: ruby-rack: CVE-2013-0263: Timing attack in cookie sessions has caused the Debian Bug report #700226, regarding ruby-rack: CVE-2013-0263: Timing attack in cookie sessions to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700226: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ruby-rack Severity: grave Tags: security Hi, the following vulnerabilities were published for ruby-rack. CVE-2013-0262[0]: Path sanitization information disclosure CVE-2013-0263[1]: Timing attack in cookie sessions If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. Patches/upstream commits are referenced in the security tracker. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2013-0262 [1] http://security-tracker.debian.org/tracker/CVE-2013-0263 Please adjust the affected versions in the BTS as needed. Note: According to the red hat bugtracker for CVE-2013-0262 only versions after 1.4.x are affected, for CVE-2013-0263 all previous versions. Could you please double check this, and mark accordingly? Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ruby-rack Version: 1.4.1-2.1 Hi, This bug was closed in 1.4.1-2.1. Best regards, Nobuhiro -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6
--- End Message ---
